
The Method of Information Security Risk Assessment Using Bayesian Networks (cited by: 39)
Abstract: Building on a systematic analysis of information security risk factors and the assessment process, and to address the difficulty of quantifying uncertain information during assessment, a Bayesian network inference algorithm is introduced. Conditional probability matrices for the inference rules of the Bayesian network are given on the basis of expert knowledge, and an information security risk assessment model is constructed from them. Finally, the risk assessment method based on this model is analyzed through an example, which demonstrates the rationality and feasibility of the method. The simulation results show that the method is an effective assessment algorithm that reflects the information security risk level fairly accurately, and that it offers a new approach to information security risk assessment.
Source: Journal of Wuhan University: Natural Science Edition (《武汉大学学报(理学版)》), indexed in CAS, CSCD and the Peking University Core Journals list, 2006, Issue 5, pp. 631-634 (4 pages)
Funding: National Natural Science Foundation of China (70471031)
Keywords: Bayesian network; risk assessment; information security
Related literature: references (10); secondary references (11)


Co-citing documents: 346; co-cited documents: 310; citing documents: 39; secondary citing documents: 366
